Chapter 7 - 09 - Discuss Importance of Load Balancing in Network Security - 02_ocred.pdf

Full Transcript

Certified Cybersecurity Technician Network Security Controls — Technical Controls Exam 212-82 Load Balancing through Clustering Load Balancing Cluster VIP:192.0.2.1 Passive Load Balancer Intemet. 5= : iPl H : K> D »> ~ | I e [:] InternalIP 17216112 | ~a” CTTTIN > Virtual Server VIP:192.0.2.1 ! o, Web Cluster -.................. é ¢ i K: § Intemalip - Services 192.168.0.1:80 : : -§ : w, 17216111 H ™) (RSOOSR Foes : VIP:192.0.2.1 o Active Load Balancer Host 192.168.0.1 Host 192.168.0.2 Services 192.168.0.2:50 o 192.168.0.3 Services 192.168.0.3:80 Load Balancing through Clustering Many organizations use requests for a single web automatically takes over along with clustering, the requests is reduced. clustering to host multiple redundant web servers for handling application. If one of these web servers fails, then another server the responsibility of the failed server. When load balancing is used availability of web services is improved, and the latency in processing Virtual IP A virtual IP is used with load balancing and clustering. Here, a virtual server is used to map IP addresses of the network traffic originating from and transmitted to the Internet. The virtual server has one IP address that is publicly available. It is directly connected to the load balancers. Using multiple load balancers helps in handling failover situations. All these load balancers share a common virtual IP. The traffic is forwarded to the active load balancer using a redundancy protocol such as the Common Address Redundancy Protocol (CARP). This protocol ensures that the active load balancer is assigned with a virtual IP and it processes all the requests sent to that virtual IP. When the active load balancer fails, the redundancy protocol is responsible for forwarding the traffic to a passive load balancer. Module 07 Page 1000 Certified Cybersecurity Technician Copyright © by EG-Council Certified Cybersecurity Technician Exam 212-82 Network Security Controls — Technical Controls Load Balancing Cluster Web Cluster Host VIP:192.0.2.1 Passive Load Balancer Internet et....... o Jinasaen >|= ° 172.16.1.12 ;. = VIP:192.0.2.1 Greeere Internal IP Virtual Server :. Bt : IntemaliP : 192.168.0.1 Services 192.168.0.1:80 : : : : £ Host 192.168.0.2 Services 192.168.0.2:80 - -, $172.16.1.11 : E...................... s VIP:192.0.2.1 Active Load Balancer o 192.168.0.3 Services 192.168.0.3:80 Figure 7.138: Load balancing through clustering Active—Passive An active—passive cluster uses special-purpose hardware to reduce system downtime. This type of cluster includes one active server, one passive server, and a load balancer. This infrastructure helps in handling failover situations and forwards user requests to the correct server in the cluster. In this type of cluster, the primary server is designated as active and the standby server as passive. The requests are forwarded to the active server, and the standby server remains passive/inactive. The passive or failover server acts as a backup and takes over when the active or primary server drops its connection or becomes incapable of serving. The active—passive method is not scalable, but it can be used to achieve uninterrupted services. Active—passive configurations are used in websites, databases, and mail servers. Active—Active An active—active cluster consists of two identically configured similar services instantaneously. workloads to the nodes, thereby client is automatically connected permitted. When the first node nodes that dynamically run This cluster can achieve load balancing and can disseminate avoiding the overloading of any node. If any node fails, the with the other node and receives full resource access until it is recuperates or is restored, the client requests are again split between both server nodes. Using an active—active cluster for heavy traffic reduces network performance as the failure of one server can increase the workload of other servers. Module 07 Page 1001 Certified Cybersecurity Technician Copyright © by EG-Council All Rights Reserved. Reproduction is Strictly Prohibited. Lertinea Lybersecurity fecnnician exam 21Z2-62 Network Security Controls — Technical Controls Load Balancing Tools EdgeNexus Load | It provides services such as layer 4-7 load balancing, application R 5 3 Balancer acceleration, single sign-on, and advanced traffic management Azure Load Balancer https://azure.microsoft.com Elastic Load Balancing https://aws.amazon.com NGINX Plus https://www.nginx.com Citrix ADC platforms coo0o0o0 > https://www.citrix.com Avi Vantage https://avinetworks.com hitps://www.edgenexus.io Copyright © by E I. All Rights Reserved. Reproduction is Strictly Prohibited Load Balancing Tools = EdgeNexus Load Balancer Source: https://www.edgenexus.io EdgeNexus Load Balancer provides services such as layer 4-7 load balancing, application acceleration, pre-authorization and single sign-on, web-application firewall, and advanced traffic management. It distributes data among multiple data centers and clouds to deliver fast, scalable, and resilient applications, implements load balancing and failover policies advanced health checks and user geo-location. Module 07 Page 1002 based regardless of location. It on several criteria, including Certified Cybersecurity Technician Copyright © by EC-Council Certiniea Cybersecurity fechnician Exam 2Z12-64 Network Security Controls — Technical Controls EDGE NEXWUS Fre—-x © cnsimn fl _W** ° ERETE o - v e vir Vi Emabied " A seay ] Act -. - 7 v - 10481 172031 2021 M0 MaM00 1829300 Actve - - 7 wang MWMI0 Adtve - Ve w0 At Actee Sl. Buskc | Adenced - - - v 20021 v a0 waeny 7z 4 e/ Peets Wawrns ron Sarvice Mame Tervee Trpe 2 00 way Sewent 45 OMand e Layer 4 100 Loy 4 7CP addy L a0 Lewent Be-Encrypion Laye 4 TCP Laywr dTCR 00 | | wrrTe Bep@wIN Weight == atue Activey Address Port Weighe - Onwa N4av2 [ o 0o Web Larver 2 o On e [ 3] oD o Wb N4 | wrre [ Calculated | wtte %0 0 © e Motes ferver l 3 00O N Lnewry - - ANl Rowm @ View F Advanced 0 &e © 0 & Srtem Copyright © 2005-301 JotHEXUS Lid. ANl Bights Besarved. Figure 7.139: Screenshot of EdgeNexus Load Balancer Some of the additional load balancing tools are listed below: = Azure Load Balancer (https://azure.microsoft.com) » Elastic Load Balancing (https://aws.amazon.com) * NGINX Plus (https.//www.nginx.com) = Citrix ADC Platforms (https://www.citrix.com) * AviVantage (https://avinetworks.com) Module 07 Page 1003 Certified Cybersecurity Technician Copyright © by EC-Council